Got an email this morning from a company advertising their newest webinar “The Two Pillars of Effective Large-Scale Email: Security and Deliverability.” The message came to a tagged address, so clearly I’d given them one at some point. But I didn’t recognize the name or company or anything. I did a search to seen when I may have interacted with this company in the past...
For some reason otherwise legitimate ESPs have over the years picked up a habit of obfuscating who they are. I don’t mean those cases where they use a customers subdomain for their infrastructure or bounce address. If the customer is Harper Collins then mail “from” @bounce.e.harpercollins.com sent from a server claiming to be mail3871.e.harpercollins.com isn’t unreasonable...
A question came up on the Women of Email Facebook page about sending cold B2B emails. This is one of those areas I have strong opinions about, mostly because I am so tired of getting deceptive and unending messages from folks. Realistically, cold emailing isn’t going to stop just because recipients hate receiving it. We haven’t wiped out spam in 20+ years, we’re not going to...
There are a bunch of online communities – mailing lists, Slack channels, etc. – where “people who do email” interact. Some of them are open to anyone to subscribe, some of them are semi-private and require an invitation, others are closed and only available by invitation and yet others are associated with trade associations and only open to their members. Many of them...
Back in the dark ages (the late ’90s) most people used dialup to connect to the internet. Those people who had broadband could run all sorts of services off them, including websites and mail servers and such. We had a cable modem for a while handling mail for blighty.com. At that time blighty.com had an actual website. This site hosted some of the very first online tools for fighting abuse...
The US National Cybersecurity Assessments & Technical Services Team have issued a mandate on web and email security, including TLS+HSTS for web servers, and STARTTLS+SPF+DKIM+DMARC for email. It’s … pretty decent for a brief, public requirements doc. It’s compatible with a prudent rollout of email authentication. Set up a centralized reporting repository for DMARC failure...
Getting to the Gmail inbox in concept is simple: send mail people want to receive. For a well established mail program with warm IPs and domains, getting to the inbox in practice is simple. Gmail uses recipient interaction with email to determine if an email is wanted or not. These interactions are easy when mail is delivered to the inbox, even if the user has tabs enabled. When mail is in the...
We just bought some new desks, to replace the old ones that date back to the days of CRT monitors. The supplier we bought them from, Autonomous, did a nice set of triggered sends throughout the sales process – “we’ve received your order”, “we’ve shipped your order”, “your order has been delivered”. That’s not rocket science – you...
A bit of a refresh of a post from 2011: Six best practices for every mailer. I still think best practices are primarily technical and that how senders present themselves to recipients is more about messaging and branding than best practices. These 6 best practices from 2011 are no longer best, these days, they’re the absolute minimum practices for senders. If you can’t manage to do...
One challenge when implementing DMARC is to ensure that all mail, and I do mean ALL mail is authenticated correctly, before switching to a p=reject notice. The easiest way to do this is to set up a p=none record and check reports to see what mail isn’t authenticated. At least some of this mail is actually going to be valid but unauthenticated email. I regularly recommend monitoring for 6...
RSS - Posts